The present disclosure relates generally to systems and methods for conducting a variety of secure transactions. More specifically, but not exclusively, the present disclosure relates to systems and methods that use electronic tags and/or presence verification in connection with a variety of transactions.
Electronic tags may be used in a variety of beneficial applications, including product inventory control, value and/or reward card systems, personal identification systems, and/or the like. Systems using conventional electronic tags, however, may not be particularly robust. For example, in value and/or reward card systems utilizing conventional electronic tags, card balances may be stored in the tag. If such a card is stolen, a user is likely to be at least temporarily inconvenienced and may have little if any recourse to recover the value associated with the card. Conventional systems utilizing electronic tags may also require significant security hardening of electronic tag readers and/or associated communication channels. Costs associated with secure hardware included in conventional tag readers may discourage the widespread adoption of such systems. Moreover, existing systems utilizing electronic tags may be limited in their ability to securely prove the authenticity and/or validity of a tag and/or determine that a tag is located at a particular place at a particular time. Systems and methods are described herein that ameliorate some or all of these problems. For example, without limitation, in some existing electronic tag-based systems, electronic tags are relatively easy to copy unless relatively sophisticated and/or expensive techniques are used. In some embodiments of the systems and methods disclosed herein, server-side methods are used in an end-to-end system that obviate or reduce the need for security in the tag and/or in the tag reader.
Systems and methods disclosed herein facilitate electronic tag and/or presence verification. In some embodiments, use is made of virtual tags that may be resident in consumer devices such as mobile phones and tablets, rather than a physical tag. Unless otherwise clear from the context, references made herein to secure electronic tags, electronic tags, tags, and/or the like are meant to encompass any suitable implementation (e.g., a secure chip, a virtual tag or value stored in a user's device, etc.). In certain embodiments, the disclosed systems and methods may use a secure electronic tag configured to store secret information provisioned by a trusted authority. Knowledge of this secret information by the tag may be verified by the trusted authority to authenticate the presence of the tag in proximity to a tag authentication device. Embodiments of the disclosed systems and methods may be used in connection with a variety of secure transactions requiring a trusted verification that an electronic tag is physically present proximate to a tag authentication device at a particular time.
To authenticate a secure electronic tag, a tag authentication device may detect the presence of the tag proximate to the authentication device via any suitable communication method. Upon detecting the presence of a tag, the authentication device may communicate with a trusted authority associated with the tag and request authentication of the tag by the trusted authority. In response, the trusted authority may generate challenge information and communicate the challenge information to the authentication device. In certain embodiments, the challenge information may comprise a randomly-generated value, although other types of challenge information may also be used in connection with the disclosed systems and methods. The authentication device may communicate the challenge information to the electronic tag and request that a response be generated by the tag based on the challenge information. In certain embodiments, the requested response may comprise a result of a computation performed by the electronic tag using the challenge information and the secret information (e.g., a digital signature, hash, and/or encrypted version of the challenge information using the secret information, and/or the like).
The tag may communicate the response to the authentication device, which in turn may forward it to the trusted authority. Upon receipt of the response, the trusted authority may generate its own response based on the challenge information and secret information that the trusted authority stores and/or otherwise possesses associated with the tag. If the response generated by the tag and the response generated by the trusted authority match, knowledge of the secret information stored by the tag may be verified by the trusted authority and the tag may be authenticated. If the responses do not match, the tag may not be verified by the trusted authority. An indication of whether the tag has been authenticated by the trusted authority may be communicated to the authentication device and/or one or more other service providers for use in connection with providing services associated with the tag.
Certain embodiments of the authentication systems and methods disclosed herein may provide for authentication of both a tag and a contextual interaction between a tag, a reader, and/or a trusted authority or other trusted service. As an example, in some embodiments, challenge information used in generating a challenge response may be communicated by the tag to an authentication device and/or a trusted authority in addition to the challenge response. While the challenge response may indicate possession of certain secret information by the tag, if the tag fails to also communicate the associated challenge information to the authentication device and/or trusted authority, proper interaction between the tag, authentication device, and/or trusted authority consistent with embodiments disclosed herein may not be authenticated. For example, in such a circumstance, it may be suspected that the tag response was fabricated and/or otherwise generated in some other context than a prescribed tag, authentication device, and/or trusted authority interaction consistent with embodiments disclosed herein.
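The challenge-response exchange described above, together with the tag returning the challenge information alongside its response, is shown here as an added Python example that is not part of the original disclosure. HMAC-SHA256 as the keyed computation, single-use challenges, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Electronic tag holding secret information (hypothetical class name)."""
    def __init__(self, tag_id, secret):
        self.tag_id = tag_id
        self._secret = secret

    def respond(self, challenge):
        # Keyed hash of the challenge; the challenge is returned with it.
        mac = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return challenge, mac


class TrustedAuthority:
    def __init__(self):
        self._secrets = {}   # tag_id -> provisioned secret
        self._pending = {}   # tag_id -> outstanding challenge

    def provision(self, tag_id):
        secret = secrets.token_bytes(32)
        self._secrets[tag_id] = secret
        return Tag(tag_id, secret)

    def issue_challenge(self, tag_id):
        challenge = secrets.token_bytes(16)  # randomly generated value
        self._pending[tag_id] = challenge
        return challenge

    def verify(self, tag_id, echoed_challenge, response):
        # Assumption: a challenge is consumed on first use.
        outstanding = self._pending.pop(tag_id, None)
        secret = self._secrets.get(tag_id)
        if outstanding is None or secret is None:
            return False
        # The interaction is only accepted if the tag returned the challenge
        # that was actually issued for it.
        if not hmac.compare_digest(echoed_challenge, outstanding):
            return False
        expected = hmac.new(secret, outstanding, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def authenticate(authority, tag):
    """Authentication device: relays messages and never holds the secret."""
    challenge = authority.issue_challenge(tag.tag_id)
    echoed, response = tag.respond(challenge)
    return authority.verify(tag.tag_id, echoed, response)
```

The authentication device only relays the challenge, the echoed challenge and the response, so the secret never crosses the reader or its communication channel.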
Embodiments of the systems and methods disclosed herein may allow for secret information stored by the tag and/or the trusted authority to not be exposed to the authentication device and/or related service provider systems and/or directly communicated from the tag or the trusted authority. In certain embodiments, this may reduce the security complexity of the authentication device and/or associated hardware, software, and/or communication channels. The systems and methods disclosed herein may be used in connection with a variety of secure transactions utilizing secure electronic tags including, without limitation, product authentication, inventory, and/or ownership services, product information distribution services, value and/or loyalty card systems (e.g., private currency systems), ticketing systems, electronic payment systems, user authentication services, document signing services, electronic commerce services (e.g., auction services), and/or the like. In some embodiments, systems and methods are disclosed that can be used to construct services that securely maintain a one-to-one correspondence between tags and physical items, enabling secure item tracking and tracing through a distribution chain to an end consumer, thereby helping to prevent theft and fraud.